dirkjanm / pkinittools Goto Github PK

The pfx I obtained using adcs esc8

proxychains4 python3 getnthash.py -key 2797e04fc0a00ce9277ff8ebcf276fe0f660158bc970d560c988a2007180a216 redteam/DC$ -dc-ip 192.168.1.1 -debug
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
Impacket v0.12.0.dev1+20240130.154745.97007e84 - Copyright 2023 Fortra

[+] Impacket Library Installation Path: /usr/local/lib/python3.11/dist-packages/impacket-0.12.0.dev1+20240130.154745.97007e84-py3.11.egg/impacket
[+] Using Kerberos Cache: dc.ccache
[+] SPN KRBTGT/[email protected] not found in cache
[+] AnySPN is True, looking for another suitable SPN
[+] No valid credentials found in cache. 
Traceback (most recent call last):
  File "/home/kali/Desktop/PKINITtools/getnthash.py", line 273, in <module>
    dumper.dump()
  File "/home/kali/Desktop/PKINITtools/getnthash.py", line 121, in dump
    decodedTGT = decoder.decode(tgt, asn1Spec = AS_REP())[0]
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pyasn1/codec/ber/decoder.py", line 1337, in __call__
    raise error.SubstrateUnderrunError(
pyasn1.error.SubstrateUnderrunError: Short octet stream on tag decoding
[-] Short octet stream on tag decoding

Hi,

Thank you for your effort developing this tool. I am trying to use the tool to request a TGT but it currently fails. See below for the command I used and the related error.

──(shadow)─(root💀kali)-[/home/kali/pentest/PKINITtools-master]
└─# python3 gettgtpkinit.py adlab.local/user_t_1_admins user_t_1_admins.ccache -cert-pfx /home/kali/pentest/pywhisker-main/hHKEiIIf.pfx -pfx-pass OhEKkA1wkW7FC1xUX337
2021-09-13 19:40:13,894 minikerberos INFO Loading certificate and key from file
2021-09-13 19:40:13,919 minikerberos INFO Requesting TGT
Traceback (most recent call last):
File "/home/kali/pentest/PKINITtools-master/gettgtpkinit.py", line 349, in
main()
File "/home/kali/pentest/PKINITtools-master/gettgtpkinit.py", line 345, in main
amain(args)
File "/home/kali/pentest/PKINITtools-master/gettgtpkinit.py", line 315, in amain
res = sock.sendrecv(req)
File "/home/kali/pentest/PKINITtools-master/shadow/lib/python3.9/site-packages/minikerberos/network/clientsocket.py", line 87, in sendrecv
raise KerberosError(krb_message)
File "/home/kali/pentest/PKINITtools-master/shadow/lib/python3.9/site-packages/minikerberos/protocol/errors.py", line 20, in init
super(Exception, self).init('%s Error Code: %d Reason: %s ' % (extra_msg, self.errorcode.value, self.errormsg.value))
AttributeError: 'str' object has no attribute 'value'

I'm getting an error similar to #6

/PKINITtools/gets4uticket.py", line 17, in <module>
    from minikerberos.common.url import KerberosClientURL, kerberos_url_help_epilog
ModuleNotFoundError: No module named 'minikerberos.common.url'

I've run pip3 install impacket minikerberos per the docs and pip3 list shows

minikerberos                   0.4.0

The command I'm attempting to execute is

┌──(venv)─(user@tehbox)-[~/PKINITtools]
└─$ KRB5CCNAME=out.ccache python3 gets4uticket.py kerberos+ccache://tehdomain.com\\tehdc\$:[email protected] cifs/[email protected] [email protected] targetuser.ccache -v

any ideas on solving this one?

I've tried uninstalling a few times, making sure its not using pip3 cache, and Ive also tried installing minikerbeos from the repo

Python version: Python 3.9
OS: Kali Linux 2021.XX
PKINIT Status: Worked with Rubeus

I encountered the error from minikerberos.pkinit import PKINIT missing. I had installed oscrypto and minikerberos and also did python -m pip install -r requirements.txt to no avail. I tried sudo and no sudo adaptions also to no avail. In the end, I found that uninstalling minikerberos and installing from their GitHub repository succeeded.

Adding this issue to note the workaround for future reference and closing due to likely pip being out-of-date.

Hello, get this error when trying to get tgt with gettgtpkinit.py (it's ok with rubeus):

python3 gettgtpkinit.py EVIL/DC1-WS2019$ -pfx-base64 @base64Value -dc-ip 192.168.114.2 DC-WS2019.ccache

2021-11-28 04:54:42,236 minikerberos INFO Loading certificate and key from file
2021-11-28 04:54:42,314 minikerberos INFO Requesting TGT
Traceback (most recent call last):
File "/home/kali/Take and learn/PKINITtools-master/gettgtpkinit.py", line 349, in
main()
File "/home/kali/Take and learn/PKINITtools-master/gettgtpkinit.py", line 345, in main
amain(args)
File "/home/kali/Take and learn/PKINITtools-master/gettgtpkinit.py", line 315, in amain
res = sock.sendrecv(req)
File "/home/kali/Take and learn/MSEFSR ADCS/impacket/impacket/lib/python3.9/site-packages/minikerberos/network/clientsocket.py", line 87, in sendrecv
raise KerberosError(krb_message)
minikerberos.protocol.errors.KerberosError: Error Code: 62 Reason: The client trust failed or is not implemented

when I gettgt from a certificate ,I get error show below:
python3 gettgtpkinit.py -cert-pfx ../temp/PetitPotam/host1.pfx -dc-ip 10.0.0.0.1 domain/test$ test.ccache -v 1 ⨯
2021-07-30 04:59:22,388 minikerberos INFO Loading certificate and key from file
2021-07-30 04:59:22,507 minikerberos INFO Requesting TGT
Traceback (most recent call last):
File "/home/kali/PKINITtools/gettgtpkinit.py", line 349, in
main()
File "/home/kali/PKINITtools/gettgtpkinit.py", line 345, in main
amain(args)
File "/home/kali/PKINITtools/gettgtpkinit.py", line 315, in amain
res = sock.sendrecv(req)
File "/usr/local/lib/python3.9/dist-packages/minikerberos-0.2.14-py3.9.egg/minikerberos/network/clientsocket.py", line 87, in sendrecv
minikerberos.protocol.errors.KerberosError: Error Code: 16 Reason: KDC has no support for PADATA type (pre-authentication data)

i need help

proxychains4 python3 gettgtpkinit.py test.com/'DC1$' -pfx-base64 `cat DC01.pfx.b64` -pfx-pass "admin"  -dc-ip 172.16.12.8 DC01.ccache

[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
2024-01-04 11:23:56,834 minikerberos INFO     Loading certificate and key from file
INFO:minikerberos:Loading certificate and key from file
2024-01-04 11:23:56,853 minikerberos INFO     Requesting TGT
INFO:minikerberos:Requesting TGT
Traceback (most recent call last):
  File "/home/kali/PKINITtools-master/gettgtpkinit.py", line 349, in <module>
    main()
  File "/home/kali/PKINITtools-master/gettgtpkinit.py", line 345, in main
    amain(args)
  File "/home/kali/PKINITtools-master/gettgtpkinit.py", line 315, in amain
    res = sock.sendrecv(req)
          ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/minikerberos/network/clientsocket.py", line 85, in sendrecv
    raise KerberosError(krb_message)
minikerberos.protocol.errors.KerberosError:  Error Name: KDC_ERR_CLIENT_NAME_MISMATCH Detail: "Error message not found! Err code: 75" 
                                                   

Hi,

Thank you for this tool.

Upon testing this today on the latest version of Kali I get the below error. I have installed PKINITools as per your instructions here. I believe that wbond/oscrypto#78 is the issue. I also reported the same issue for LdapRelayScan but the fix I found there does not work here. Perhaps because oscrypto is installed during installation of minikerberos and therefore cannot be commented out and replaced.

This is becoming an epidemic. Vital tools are no longer working.

Update 1: Found a temporary fix for this issue. After installing as per the official instructions, execute pip3 install -I git+https://github.com/wbond/oscrypto.git which will install the current master of oscrypto in which this issue is fixed.